Okta confirms another breach after hackers steal source code

Identity and authentication company Okta has revealed that it is dealing with another significant security incident after a hacker accessed its source code following a breach of its GitHub repositories. The company said in a statement that it had received notification from GitHub about “suspicious access” to its code repositories earlier this month, and that the hackers had used this access to copy code repositories related to Workforce Identity Cloud (WIC), its enterprise security solution. Okta added that there had been no unauthorized access to its service or customer data, and that products related to Auth0, which it acquired in 2021, were not impacted. Okta did not disclose how the hackers had gained access to its private repositories.

According to a confidential email notification sent by Okta internally and seen by BleepingComputer, GitHub notified the San Francisco-based company of suspicious activity in its code repositories in December 2022.

Okta’s internal email and public advisoryOpens a new window says unknown threat actors copied some GitHub repositories containing source code but clarified that no customer data or company infrastructure was impacted. The incident was reportedly limited to Okta Workforce Identity Cloud repositories.

Okta added that as soon as it learned of the possible suspicious access, it promptly placed temporary restrictions on access to its GitHub repositories and suspended all GitHub integrations with third-party applications. The company also stated that there had been no unauthorized access to its service or customer data, and that products related to Auth0, which it acquired in 2021, were not impacted. Okta did not disclose how the hackers had gained access to its private repositories.

This is not the first time that Okta has faced such a threat. Earlier this year, the company was targeted by the Lapsus$ extortion group, which gained access to the account of a customer support engineer at one of Okta’s third-party service providers, Sykes, and posted screenshots of Okta’s apps and systems. In August of this year, Okta faced another compromise when it was targeted by a hacking campaign that affected more than 100 organizations, including Twilio and DoorDash.

Signal Introduces Usernames for Encrypted Messaging: A Secure Way to Connect

Signal, the encrypted messaging service, is launching a new feature in the coming weeks: support for usernames. This beta feature allows users to establish unique usernames, enabling connections without divulging phone numbers. source: Signal Blog To create a username, navigate to your settings and select "Profile." Once you've chosen a unique username, generate a QR code or link to share with others. Recipients can connect by entering your username into the chat bar. Usernames can be changed at any time, though previous usernames may be claimed by others. Signal began testing usernames last fall. Unlike social media platforms, Signal usernames do not serve as logins or public handles. They offer a discreet means of communication without revealing personal phone numbers. While a phone number is required to register for Signal, sharing it is optional. Usernames remain private and do not appear on profiles or in chats unless shared explicitly. As Randall Sarafa, Signal'

AT&T Resets Millions of Customer Passcodes After Data Leak: What You Need to Know

AT&T recently confirmed a significant data breach affecting over 7.6 million current customers and 65 million former customers. The leaked information, which dates back to 2019 or earlier, includes personal details like names, addresses, phone numbers, and social security numbers. Fortunately, financial information and call history were not compromised. In response to the breach, AT&T has reset passcodes for affected customers. Passcodes, usually four-digit numbers, serve as an additional layer of security when accessing accounts. However, security experts warn that the encrypted passcodes leaked alongside customer information could be easily deciphered, posing a risk of unauthorized account access. Affected customers are advised to set up free fraud alerts with major credit bureaus and remain vigilant for any suspicious activity related to their accounts. AT&T is proactively reaching out to impacted customers via email or letter to inform them about the breach and the meas

Safeguarding Internet Privacy: Supreme Court of Canada Upholds Protection of IP Addresses

In a recent ruling, the Supreme Court of Canada affirmed the significance of privacy rights concerning internet addresses. The court declared that police cannot simply obtain a suspect’s IP address without a court order, emphasizing the expectation of privacy that Canadian residents hold for such information. The court's decision stemmed from a case in 2017 involving Calgary police investigating fraudulent online activities at a liquor store. Initially, police demanded IP addresses from a credit card processor, which eventually led to obtaining subscriber information from Telus. This information was pivotal in making arrests and securing convictions in multiple offenses. Despite previous convictions, the accused contested the legality of obtaining IP addresses without proper authorization. The Supreme Court, in a 5-4 decision, asserted that IP addresses carry a reasonable expectation of privacy, necessitating judicial approval before access. The ruling emphasizes that obtaining jud

THEHACKCITY

Search This Blog